Red Book

“I appreciate your expertise. But I’m not without some knowledge myself.” I gave him what I hoped was my friendliest smile.

“Yeah, what—?” he looked skeptical. “You read the red book?”

“Um … actually, I wrote the red book. The ecological sections are mine.”

A Method for Madness, David Gerrold

I am really looking forward to David Gerrold's next Chtorr book.

In the meanwhile, here are his The Martian Child, and The Man Who Folded Himself.

P.S. Full disclosure: I own all four Chtorr books, and intend to buy the rest when they come out.

Trade publications

I love trade publications. That is, I love the ads in them. The ads are generally targeted to a specific group of people, everyone buying advertisement space in a publication knows who the main subscribers are, and thus you get full page ads such as “Congratulations on a job well done!” aimed at a particular achievement of NASA, and unobtrusively reminding the reader that such and such heavy industries were the pillar and staple of American freedom for the last century.

So here is a small, non-comprehensive sampling of the weird and wonderful. Please note that I don’t endorse them.

Next time you need integrated security solutions, airfield management or bare base construction, you should look no further than this ad, which appeared in the November 21st issue of “Aviation Week and Space Technology”:
KBR ad - PNG
I found a PDF of it online after googling for “targeted set of aviation services” (was a google whack, too) on the Jane's Defence Weekly site, so obviously Halliburton decided that readers of JDW might some day need some program management for large complex projects too.

If those pesky adversaries of yours decided that they can stalemate you by mining your harbors, not a problem. All you need is an autonomous underwater vehicle, which will do the mine reconnaissance, bathymetric mapping, REA category 2-4 (overt, covert and in-stride), and even route survey for you. In case you didn’t know, REA is Rapid Environment Assessment.

CC-Tech ad

This ad came out of the September/October 2004 issue of Unmanned Systems, a publication of the Association for Unmanned Vehicle Systems International. If it caught your fancy, consider reading the military version of the system description (after all, who'd want a civilian version?)

Lastly, just in case your grenades are not convincing enough, consider upgrading – these ones provide up to 60% more oomph in a package that is 25% lighter. So instead of 3, you can now take 4, wherever life takes you.
RUAG grenade ad

Definitely a big thumbs up to Jane's – they have their list of advertisers up, with ads previewable in PDF format.

And you thought that you are out of options ever since villainsupply.com went out of business?

Ok, now I am curious. Just what factors do you measure, when you calculate the performance of a grenade?

Steve Bellovin in Ottawa (Part II)

The actual lecture was on the 5th floor of Carleton's Minto building.

It started with the Cognos folks giving a brief speech on how glad they are to see Carleton partnering with them, and how glad they are to see Professor Bellovin in Ottawa. Cognos is one of the larger employers in Ottawa, and hires a good number of Carleton’s comp sci graduates, and this time they were the ones who brought professor Bellovin into Ottawa (or at least that’s the impression I got).

After that, Carleton's Dean of Sciences took the podium, thanked the Cognos folks, thanked everyone for attending, and introduced Paul Van Oorschot, a Canada Research Chair in Network and Software Security. Dr. Van Oorschot, in turn, introduced Dr. Bellovin.

Seriously, I don’t know any of these people, so I have no comment.

Then Professor Bellovin took the stage, and for about an hour and 20 minutes kept the audience interested. Professor Bellovin is a great speaker – he interspersed the slides with a number of personal anecdotes about first hand encounters with improper security design.

Do at least page through the slides – it's worthwhile.

So here are a couple of photos:
[Photo: Professor Steve Bellovin in the hallway after the lecture]
[Photo: Professor Bellovin in the hallway after the lecture]

Oh, and I got my copy of “Wily Hacker” autographed. 🙂

So now some questions on my part….

On page 3 of the slides, Dr. Bellovin talks about the NSA “Blacker Front End” project for end to end encryption and access control on a computer network.

In the article Uncultured Perl (use bugmenot to login; why do these folks want to track you?), Larry Wall says:

Like the typical human, Perl was conceived in secret, and existed for roughly nine months before anyone in the world ever saw it. Its womb was a secret project for the National Security Agency known as the “Blacker” project, which has long since closed down. The goal of that sexy project was not to produce Perl. However, Perl may well have been the most useful thing to come from Blacker. Sex can fool you that way.

Is that the same project?

Is security really in the interest of the operating system vendors? Commercial vendors see little motivation due to lack of demand. OpenSource/Free vendors see little motivation because crypto is hard, and making crypto user friendly AND correctly implemented is beyond the scope of what they teach you in the 2nd or even 4th year of a Computer Science program. Heck, it's a multi-discipline approach, that requires user interface skills, math skills and programming skills.

Any joker can implement an RSA algorithm. Heck, I implemented it using libtommath and libtomcrypt for a group theory course in a couple of hours. But I won’t trust my implementation worth a damn – I know how poorly it is coded. I am not sure I can get it “right” at my current skill level.

So without demand and a corresponding monetary incentive, and without gratification from a good job, do folks even bother? I don't see former FreeS/WAN folks toiling hard on IPsec. The last release was in April of 2004 (2.0.6) (their web site says 2003!), so I guess just user gratitude didn't cut it.

Is Kame.org going strong?

The only folks that I know who are actually working on security nowadays are the OpenBSD folks. And when was the last time YOU installed or used OpenBSD? Using it right now? Good for you.

How do you educate users? Of course the alt.sysadmin.recovery FAQ advocates one approach, which is:

4.3) What is the best way to deal with lusers?

Lusers are much easier to deal with if they aren't breathing.  240V across the
heart, a revolver round through the head, or even a simple little broadsword
thrust into their abdomen will improve your interactions wonderfully.
See next item.

4.4) Revolvers, cyanide and high voltages:  The pros and cons of various luser
education strategies.

There has been a great deal of debate on ASR about the best way of dealing
with lusers, and at this time no consensus has been reached.  What we can
suggest, however, is to be sure it is painful, clean, and doesn't harm
the computer.  That unfortunately leaves a lot of options out; you can't
just throw a grenade at them; it will hurt the machine.

At one point in the past, I would have agreed. Nowadays, I am not sure that even these methods will work.

OCTranspo, I hate you.

The last two days I had to take a bus. The last time I did so was in July. The experience is just as shitty as ever – buses come either 5 minutes early, or 10 minutes late, so you miss them if you trust the schedule.

Some time in the summer I bought 10 bus tickets, which were in my wallet all this time, so I only noticed today, but OCTranspo hiked fares yet again. Now regular routes are $3 a ride, express rides are $4, and bus tickets are 95 cents each. The only way I noticed was because I was standing at the corner of Bronson and Gladstone, waiting for any bus to take me out of there to anywhere where I could get onto a 4 or 7 going to Carleton, and a 14 came. As I was about to board, I noticed that 14 is now designated an express route, and costs $4 or 3 bus tickets to board.

Argh.

For that kind of money I'll walk to Bank St, thank you very much. 4 bucks for a 5 block ride.

Of course money grabbing bastards have the gall to claim that “A new fare increase will be introduced December 1, 2005 to help keep pace with inflation and increased operating costs resulting from the rise in fuel prices. Although the cost of taking the bus will increase, transit is still the most economical choice for most people.”

I remember when a bus cost $1.25. That was less than 10 years ago. That's inflation of 240% over 10 years. If you count the fact that 14 was always a regular bus, not express, that's inflation of 320%. And it's not like OC Transpo service is any good – the #4 I rode in today smelled of electrical fire, and there was smoke inside. Did I mention it was 10 minutes late?

I am firmly convinced that transit is still the most economical choice for most people that have no other means of getting around. If you have any other means of getting around, please do. Consider that once you have paid for your car insurance, and assuming 7km per liter of gas in your car, for the cost of a $3 fare you can go for 20km where you want and when you want.

My plan to get back home after writing a final in Automata Theory today is to take the free shuttle bus to Ottawa U, and walk from there. Free, healthy, and a lot less frustrating.

And I am sure that some economists at OC Transpo are wondering why the company is losing money. All problems started with you, OC Transpo.

Edit: Just looked at the OC Transpo web site[1]. 14 is not designated as an express route. So are the work-to-rule, job-action, striking drivers padding their pockets this way now?

[1] Whoever designed that web site needs to go back to Algonquin College and relearn web design 101 and web site functionality 201. And fix up the pages so they won't load style5.css when you click anywhere on the text. It would help.

Steve Bellovin in Ottawa (Part I)

On Thursday, December 1st 2005, Professor Steve Bellovin came to Ottawa, and gave a public lecture. To me it was a very big deal. Here is why:

Back in the early 90s my parents bought me a personal computer to replace the Commodore VIC 20. It was a speedy 486 DX2-66 with 16 megabytes of 72 pin RAM and a 420 (408 megs real) meg Seagate hard drive. The 2x CD-ROM drive was on a special daughter card (Mitsui? Panasonic?), and the 4 meg ATI Mach 32 video card was VLB. At a time when the standard for RAM was 4 megs, this computer was not really bought for me – it was bought so that my dad could learn drafting using AutoCAD, and was specced accordingly, but in essence it became “mine”. The first thing I bought for it was a 14.4 modem.

It was not my “first” computer, as beforehand there was the aforementioned VIC 20 with BASIC and a really annoying (in retrospect) keyboard, and somewhere around that time there also was a DEC VT320 white terminal hardwired into a DEC Scholar modem, and then into a phone line, but it was a “real computer”.

The DEC VT320 was not really a computer. It was a dial-in terminal with no local storage. However it had an important function – it allowed me to dial in at 2400 baud into National Capital Freenet and into bulletin boards. The VT320 was black and white, so it had no support for ANSI colors, so BBSes were not really a big deal. It was great with NCF – at 2400 baud it was slow enough that I didn't need to page articles – they were scrolling on my screen slower than I could read them. Only later, when I actually started using a computer with local storage, did I start differentiating between BBSes. Most public BBSes were ‘lame’ – at best they had door games like LORD, and at worst they had a rather pathetic selection of messages and files. In order to be on the ‘cool’ boards one had to be able to upload ‘0-3 warez’ (pirated software that became available in retail up to 3 days ago). I didn't have access to that (and even if I could buy something, I had no idea at the time how to crack it), and cool boards were invite only, with phone numbers that were not published in Monitor magazine.

NCF was an exception – it allowed access to both local and global newsgroups thanks to Paul Tomblin, it allowed me to send e-mail, and supposedly even “chat” (I actually never chatted on freenet, so I don't know if by ‘chat’ they meant IRC, or something else. Hrm). Eventually it allowed access to the internet using lynx (text based browser), and elm was made available to read mail[1].

Someone I hooked up with over NCF had a Sun 3/60 box running SunOS 3.5.

Now, for all you kids who have no idea what a Sun 3/60 was, it was a 3 MIPS Motorola 68020 based workstation from Sun. VME based, single board. James Birdsall has a hardware reference somewhere on Beel's site that lists old Suns, so you can take a look at what you missed 🙂 It ran SunOS 3.x [2].

He gave me a shell account to play with on his box for a few days. The catch was that because I didn't have internet access, and neither really did he, he hooked up a modem to the Sun, and gave me a phone number to dial in.

It was very sporadic, and only gave me a couple of hours of actual use of the system, but it was my introduction to UNIX.

At some point around the end of 94, I was at a local computer store (that has since closed), and ended up talking to a sales person. The guy (whose name I don't remember; in fact, I don't think I ever asked him his name) eventually told me to try Linux out. He said that it was just like SunOS on that Sun system, and I got interested. What sold me was his assurance that it includes Midnight Commander, which is the same as Norton Commander, so I ended up buying a Lasermoon 3 CD set with Slackware on it. The kernel was 1.2.8, IIRC.

Installation of Slackware was… interesting. In retrospect, I don't see a normal user going through this – remember the non-standard CD-ROM that required a daughter card and DOS drivers? Well, it was not supported by that version of Slackware, so eventually I convinced my parents to spend $20 on floppy disks, backed up all the relevant data I had (I got really really proficient with the ARJ archiver at the time) onto floppies, re-partitioned the hard drive, copied and labeled the contents of each of the proper install directories (I think just base, network, and something else, like games) from the Slackware CD onto floppies, rawrited the boot and root disks, and eventually, after 3 or 4 attempts, did the install. Basically, it was an experience. No, the CD didn't work. I lucked out with X – ATI was one of the forward thinking companies of the time, so someone (Andrew Mileski maybe) had already implemented ATI drivers. So I had X! twm, fvwm and an openlookish clone whose name I forgot. But I was driven – I was trying to re-capture the SunOS 3.x feeling, and Linux at the time delivered.

In August of 95 an inaugural meeting of the Ottawa Carleton Linux Users Group (OCLUG) was held at Algonquin College Rideau Campus (since sold by the college). I was there (yes, I am a founding member of OCLUG. Back then I was proud of the fact, nowadays I am much less so). For the next few years I used to go to OCLUG meetings religiously, and heck, it was there where I met Luc Lanthier and Eric Laforest, where Gert Jan recruited me to work for iStar in August of 97, etc. Folks I met through OCLUG also were the ones who influenced me to look into computer security, and around the end of 96, beginning of 97, I bought the computer security book that was highly recommended – “Firewalls and Internet Security, Repelling the Wily Hacker” 1st edition, by William Cheswick and Steven Bellovin.

Over the years of working for ISPs, admining systems, then networks, that book was a great help. It had a bunch of mantras that are still true today – security is hard, technology is not evil – people are evil, security starts with people, and people are lazy and stupid. It opened an entire new world for me, back in 97. It helped me get my first “real” job – I knew enough about computer security and was making intelligent and helpful enough presentations at OCLUG for GJ to hire me as a systems administrator of iStar, at the time the largest ISP in Canada.

So over the years the authors of this book held a special place in my heart. In the book, they were witty, entertaining, and explained complex technological problems in easy to understand terms. They were knowledgeable, and intelligent. For years, while lurking on the BUGTRAQ mailing list, and deleting unread most of the drivel that was leaking through the moderators at the time, every time I saw a post from Steve Bellovin, I would read it, and then go back and read the entire thread. He was one of the (few) people on the list who didn't look for fame or try to show how ‘leet’ his ‘mad hax0r skillz’ were.

So I was really looking forward to meeting Steve Bellovin in person for the first time. And I brought the book that changed my life with me :-P.

[1] As an aside, many many people in Ottawa, at least people who I kind of knew, dealt with freenet in one way or another – Gert-Jan Hagenaars was my boss at iStar, and also did work for FreeNet. Ian! D. Allen was an OCLUG member, and dealt with NCF. Paul Tomblin used to run the NCF newsserver, vented in alt.sysadmin.recovery and was reasonably well known to John Henders, who in turn used to work for iStar with GJ and was one of the bofh.* nodes of usenet[3]. I remember e-mailing Paul Tomblin a couple of times asking for help with usenet. He was really charitable with his replies. I knew Mark Mielke from high school, and he was responsible for getting the elm mail reader to work with the FreePort software at NCF. Mark, if you read this, get in touch, we should do coffee/beer.

[2] I think there was a version of SunOS 4.1.1 that would run on 68K based systems. I am sure some sick souls out there still run sun3 arch. If you are one of them – respect. Give me a shout, I’ll scan in the right pages from old (covers some sun2, all sun3, all sun4/sun4c/sun4m and some sun4u arch) Sun Hardware Reference for you, if you want.

[3] I used to get my bofh.* feed from news.ott.istar.ca (or somesuch), which was propagating the newsfroop thanks to John. Ah, the days of INN 1.4 on a Pentium 133 desktop on my desk at the iStar office.

2600 meeting in Ottawa

I've not been to 2600 meetings for years. I am not even sure if there still is one in town – I kind of stopped paying attention since Bishop stopped running them, and since San “NeTTWerK” Mehat stopped coming. Meant to go to one on December 2nd, the first Friday of the month, but instead went to Aikido class. Oh well, shit happens.

The last time I went to a meeting was a few years ago, and when I got out my SPARCbook 3000XT, a bunch of starry-eyed attendees hobbled behind my back and started making comments to each other: “Oooh. Slowaris, slowaris”, “insecure”, “easy to root”.

Meh. Whatever. I was bitter then. Right now I have nothing to prove.

Come to think about it, this was before I helped Chris “President Clinton” Petro (wankel) with AV at H2K2 (80% of the video of the second track was filmed by me. Chris did the first track).

So I stopped going, however something someone said kind of piqued my curiosity (or maybe I was just sufficiently bored).

Is there still a 2600 scene in Ottawa, and is it worth going, or are people still talking about stealing Salvation Army donation boxes?

P.S. Not like the official list is always correct. That’s why I am asking.

P.P.S. Just googled for “Chris Petro wankel”. Discovered that someone actually has a photo of me at H2K2 on line, attributed as Stanny. Actually, Figz still has #unix gallery online. Now, that is scary.

Cisco: Disabling CiscoPro only software loads

Introduction

Based on what I understand, CiscoPro was Cisco's attempt at selling routers with crippled OS loads at a discount through resellers. This was the case in the late 90s, and certain models of routers (100x, 25xx, 45xx, 16xx) were available in the olive green of Cisco, and in white. White boxen were the CiscoPro variety, and would only run the so called “CiscoPro” feature sets. By IOS release 11.2 Cisco abandoned that practice, and offered a way to convert all existing CiscoPro routers into routers that would accept a standard Cisco IOS load.

Hardware-wise both CiscoPro white boxes and regular Cisco boxes in olive green are identical, and the only difference is in the non-volatile memory.

As most CiscoPro units still in the field have been converted, I’ll try to document what needs to be done to a CiscoPro router to make it happier, and potentially useful. As it happened, I got my hands on two Cisco routers with white paintjob – CPA2503 (sh ver below) and CPA2520, which correspond to Cisco 2503 and 2520.

Basic Idea

Expect a CiscoPro router to have much less flash and RAM than Cisco lists as standard for the model in question. If this is a router you will use for CCNA tests, do shell out some money for flash and RAM upgrades, as they will be necessary to run the versions of IOS that you will be tested on.

Grab the appropriate upgrade image from ftp://ftp-sj.cisco.com/pub/access/. For CiscoPro CPA25xx routers you need cpa25-up.bin.

Configure the router so it can talk to your TFTP server (do password recovery if needed; it's on the Cisco web site), back up the existing IOS, copy cpa25-up.bin into the flash of the router, and get it to reboot with that image. cpa25-up.bin will modify the non-volatile memory to remove the CiscoPro only requirement, at which point you can boot from the ROM, and flash in a modern IOS (or at least the IOS that you backed up initially).

Step by Step procedure for Windows users

If you boot up a Cisco, and at “sh ver” it shows the following:

ISDN-Link>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (CPA25-Y-L), Version 11.1(24), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 04-Jan-99 20:00 by richv
Image text-base: 0x030206C0, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

ISDN-Link uptime is 2 minutes
System restarted by power-on
System image file is "flash:cpa25-y-l.111-24.bin", booted via flash

cisco CPA2500 (68030) processor (revision F) with 2048K/2048K bytes of memory.
Processor board ID 04595024, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
Authorized for CiscoPro software set only.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
1 ISDN Basic Rate interface.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

ISDN-Link>

You have on your hands an affected router that needs some tender loving care.

For starters, expect that a CiscoPro router will have the minimum DRAM and flash. Cisco states that they shipped 2500s with 8 megs of DRAM and flash. As you can see, this 2503 has only 4 megs of each. DRAM for the 2500 is simple – it's standard 72-pin PC RAM, so if you have a 16 meg, single sided SIMM, it will work. Flash is much harder to obtain, and folks like MemoryX want ~80 USD for a 16 meg kit.

The 2500 platform is limited to 16 megs of flash and 16 megs of DRAM, but that will allow you to run IOS 12.3.16, which is the latest at the time of this writing. In other words, with over a million 2500s in the field, they will be supported for a while longer.
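As an added example (not code from the original post), here is a small Python parser for the “sh ver” output above. It pulls out the facts this procedure hinges on: the “Authorized for CiscoPro software set only.” banner, the DRAM and flash sizes, the image and feature set the box booted, and the config register, and then lists what the router needs before it can run a current standard IOS. The 8 meg standard and 16 meg ceiling are the figures from the text; treating a CPA* feature set name as a second sign of a CiscoPro image is my assumption.

```python
import re

# Constructed sample: the "sh ver" output of the CPA2503 shown in the post (trimmed).
CPA2503_SH_VER = """\
ISDN-Link>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (CPA25-Y-L), Version 11.1(24), RELEASE SOFTWARE (fc1)
System image file is "flash:cpa25-y-l.111-24.bin", booted via flash
cisco CPA2500 (68030) processor (revision F) with 2048K/2048K bytes of memory.
Authorized for CiscoPro software set only.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
"""

STANDARD_KB = 8 * 1024   # what Cisco shipped 2500s with (DRAM and flash), per the post
MAX_KB = 16 * 1024       # platform ceiling for both DRAM and flash, per the post


def parse_sh_ver(text):
    """Extract the fields relevant to a CiscoPro conversion from 'sh ver' output."""
    info = {
        "ciscopro_only": "Authorized for CiscoPro software set only." in text,
        "platform": None, "feature_set": None, "version": None, "image": None,
        "dram_kb": None, "flash_kb": None, "flash_writable": None, "confreg": None,
    }
    m = re.search(r"^IOS \(tm\) .*? Software \(([^)]+)\), Version ([^,]+),", text, re.M)
    if m:
        info["feature_set"], info["version"] = m.group(1), m.group(2)
    m = re.search(r'^System image file is "([^"]+)"', text, re.M)
    if m:
        info["image"] = m.group(1)
    # The processor line reports main/shared-I/O memory; the two together are the
    # DRAM installed (2048K/2048K is the "4 megs" the post talks about).
    m = re.search(r"^cisco (\S+) \(\S+\) processor .*? with (\d+)K/(\d+)K bytes of memory",
                  text, re.M)
    if m:
        info["platform"] = m.group(1)
        info["dram_kb"] = int(m.group(2)) + int(m.group(3))
    m = re.search(r"^(\d+)K bytes of processor board System flash \((Read ONLY|Read/Write)\)",
                  text, re.M)
    if m:
        info["flash_kb"] = int(m.group(1))
        info["flash_writable"] = m.group(2) == "Read/Write"
    m = re.search(r"^Configuration register is (0x[0-9A-Fa-f]+)", text, re.M)
    if m:
        info["confreg"] = m.group(1)
    return info


def needed_work(info):
    """List what a router needs before it can run a current, standard IOS."""
    work = []
    # Either the explicit banner or a CPA* feature set (assumption: the CPA prefix
    # marks CiscoPro images) means the NVRAM lock must be removed with cpa25-up.bin.
    if info["ciscopro_only"] or (info["feature_set"] or "").startswith("CPA"):
        work.append("convert with cpa25-up.bin")
    if info["dram_kb"] is not None and info["dram_kb"] < STANDARD_KB:
        work.append("upgrade DRAM (max %dK)" % MAX_KB)
    if info["flash_kb"] is not None and info["flash_kb"] < STANDARD_KB:
        work.append("upgrade flash (max %dK)" % MAX_KB)
    # 0x2142 is the password-recovery setting; a box left there ignores its startup config.
    if info["confreg"] and info["confreg"].lower() == "0x2142":
        work.append("restore config register to 0x2102 after password recovery")
    return work


if __name__ == "__main__":
    facts = parse_sh_ver(CPA2503_SH_VER)
    print(facts)
    print(needed_work(facts))
```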

Next, you need to get yourself a PC with Windows. I did my upgrade under Windows 2000, although you might get away with a Unix/MacOS X box with tip, minicom, ZTerm.app, etc.

Under Windows you need to get yourself a copy of Cisco RSL (Router Software Loader) from ftp://ftp-sj.cisco.com/pub/access/ and a copy of the upgrade image. From the Cisco FTP site I grabbed cpa25-up.bin and RSL 7.11.

Then I configured the console cables so I could talk to the router over HyperTerminal. In the process I needed to do password recovery (drop to bootrom, set the confreg to 0x2142, reboot, say no at the original config) on one of the routers. I've used the Cisco TFTP server for Windows that ships with RSL (look for the installer in the RSL711 directory) to back up the cpa25-xxxx.bin IOS loads, as they are hard to find and fit in the 4 megs of flash that I currently have. I also had to look around, and find an even older firmware image for the 2500 that would fit into flash. At http://www.tfr.org/cisco-ios/ I grabbed router-2500-serial.bin which is IOS (tm) 3000 Software (IGS-I-L), Version 10.3(5), RELEASE SOFTWARE (fc1). Of course 2500 and 3000 are basically the same router, so it was a fair deal.

I created a directory “images” in the RSL711 directory, and dropped in cpa25-y-l.111-24.bin that I recovered from the router, router-2500-serial.bin that I grabbed from the above site, and cpa25-up.bin.

Then I disconnected HyperTerminal, and started RSL. RSL found my 2503, queried it, and asked me what IOS image I'd like to run on it. I pointed at the IOS 10.3, at which point RSL told me that I need to rename cpa25-up to a different name, as it can't find it. I renamed cpa25-up.bin to what it asked me, and told RSL to continue. It went on for a while, and about 5 minutes later it told me that it was done.

NOTE: Tell RSL to NOT back up any files. That's why you backed up the IOS as the first step. If you do tell it to back up, it will not finish running and will just sit there, because it is expecting somewhat different prompts than what the IOS on my routers was offering it.

I shut RSL down, and connected to the router over HyperTerminal. It was happily running IOS 10.3(5). At that point I started the Cisco TFTP server again, and flashed in the original IOS (you can use RSL for that too, it will work. Again, no backups, as you already did them).

So after a RAM upgrade, and this convoluted procedure, I was left with:

Router#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (CPA25-Y-L), Version 11.1(24), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 04-Jan-99 20:00 by richv
Image text-base: 0x030206C0, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

Router uptime is 0 minutes
System restarted by power-on
System image file is "flash:cpa25-y-l.111-24.bin", booted via flash

cisco 2500 (68030) processor (revision F) with 16384K/2048K bytes of memory.
Processor board ID 04595024, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
1 ISDN Basic Rate interface.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Router#

And everything was well in the world…

Cisco: Cisco 26xx/36xx network module compatibility.

Short story

Neither NM-2E anything nor any NM-XFE will work in a Cisco 2620. This includes NM-2E2W, NM-1FE, NM-2FE, etc. Same with HPPI and HSSI cards. Here is a list of supported NMs.

To me this looks like deliberate crippling of the 26xx platform just to convince people to buy bigger boxes, because NM-4E is supported on the 2620, so with NM-2E2W it's not a backplane speed issue.

Long story

I ended up with a Cisco 2620 handed to me. It came with only a single WIC slot populated with WIC-1DSU-T1, so it had an empty NM slot, and an empty second WIC slot, plus built in 10/100 FastEthernet port.

I figured that I have three NM-2E2W modules in my Cisco 3640, yet I am only using 4 uplinks, so I should just move one NM-2E2W to the 2620, turning it into a mean routing machine with 3 ethernet interfaces plus a serial interface. Then I could cross-connect the 2620 and 3640 over serial, and use HSRP or something fancy, or, if worst comes to worst, just sell the 3640 – I can get away with just 3 interfaces.

So I transferred the NM-2E2W to the 2620.

It booted up, and I saw a curious syslog message:

00:00:08: SERVICE_MODULE(Serial0/0): self test finished: Passed
00:00:09: %PA-2-UNDEFPA: Undefined Port Adaptor type 30 in bay 1
00:00:13: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down

That's weird, I thought. I got distracted, however, as I had to drop to rommon, change the config register to 0x2401, write a new config file into the router, etc. But sh ver was showing me only

cisco 2620 (MPC860) processor (revision 0x102) with 61440K/4096K bytes of memory.
Processor board ID XXXXXXXXXXX (XXXXXXXXX)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

which is not exactly useful as I generally use ethernet, and short of doing something fancy, like dot1q, the router in its current state is not that functional.

I remembered the times debugging Cisco 7204s at Cyberus, where different IOS loads would recognize different PAs. The 2620 had a c2600-ik9o3s3-mz.123 load that was a few years old, so I figured that maybe I need a new IOS. No problem, a recent security advisory provided me with an excuse to call up TAC and ask for a new IOS.

When calling TAC in a case like this, one has to be aware that TAC will only offer a like for like update. In other words, if you have 12.0.X, you will get a 12.0.Y image, where Y > X, but still the same feature set, same IOS revision. Makes sense, as I am not a paying customer.

The basic concern for me was to get an IOS load that has 3DES support. 3DES support means an SSH capable load. Sadly, Cisco is in the States, which has a somewhat silly law about encryption being more dangerous than nukes. Luckily the image on the router already had the right features. So I called up TAC, spent about 2 hours on hold with them, talking to their wonderful people. I like TAC – they talk to me, even though I don't have a support contract.

The end result was that they gave me links to download c2600-ik9o3s3-mz.123-15b.bin and c3640-ik9s-mz.123-16.bin.
I've attempted to load the former onto the 2620, however there was a disappointment – Cisco's latest and greatest is a few hundred K larger than the 16 meg flash I have in the 2620:

c2620#sh flash

System flash directory:
File  Length   Name/status
  1   11072164  c2600-ik9s-mz.122-17a.bin  
  2   309208   crashinfo_19930301-000024  
[11381500 bytes used, 4871428 available, 16252928 total]
16384K bytes of processor board System flash (Read/Write)

c2620#
stany@gilva:/private/tftpboot/works[11:29 PM]$ ls -la c2600-ik9o3s3-mz.123-15b.bin 
-rw-r--r--   2 stany  501  16303356 Sep 15 20:49 c2600-ik9o3s3-mz.123-15b.bin
stany@gilva:/private/tftpboot/works[11:30 PM]$ 

Way to go Cisco!

No problem: if this load recognizes my NM-2E2W, I will tftpboot it each time.
I dropped to rommon, set a bunch of variables, and did tftpdnld.

On my MacOS X box I did:

root@gilva:/private/tftpboot[11:36 PM]# ln ~stany/c2600-ik9o3s3-mz.123-15b.bin test.bin
root@gilva:/private/tftpboot[11:36 PM]# /usr/libexec/tftpd -d -s /private/tftpboot/
root@gilva:/private/tftpboot[11:37 PM]# netstat -an | grep *.69
udp4       0      0  *.69                   *.*                    
udp6       0      0  *.69                   *.*                    
root@gilva:/private/tftpboot[11:37 PM]# 

On the Cisco I dropped into rommon by pressing break on the boot-up, and checked that my settings made sense:

rommon 1 > set
PS1=rommon ! >
IP_ADDRESS=192.168.82.249
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=192.168.82.254
TFTP_SERVER=192.168.82.161
TFTP_FILE=test.bin
TFTP_VERBOSE=2
?=38
RET_2_RTS=19:08:22 EST Sun Feb 28 1993
RET_2_RCALTS=
CRASHINFO=flash:crashinfo_19930301-000024
BSI=0
RET_2_RUTC=0
rommon 2 >

All tftpdnld cares about are valid IP_ADDRESS, IP_SUBNET_MASK, DEFAULT_GATEWAY, TFTP_SERVER and TFTP_FILE. TFTP_VERBOSE can be set to 0 (no verbosity), 1 (somewhat verbose, the default) or 2 (tell me everything).

test.bin is a reasonable name for the file – it’s short and easy to type.

Once I verified that everything was in order, I proceeded to download the image and execute it in memory (the -r option). This is, by the way, a very useful way of testing IOS images when you have something in flash that you know works and you don’t have space for multiple images on flash: you can test the new image knowing that a power-cycle will get rid of it.

rommon 2 > tftpdnld -r

         IP_ADDRESS: 192.168.82.249
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 192.168.82.254
         TFTP_SERVER: 192.168.82.161
           TFTP_FILE: test.bin

Performing tftpdnld over Fast Enet.
Interface is operating at: 100Mbps/HALF DUPLEX
Initializing interface.
Interface link state up.
ARPing for 192.168.82.161
ARP reply for 192.168.82.161 received.  MAC address 00:0d:93:42:2a:96
Receiving test.bin from 192.168.82.161 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
program load complete, entry point: 0x80008000, size: 0xf8c3e0
Self decompressing the image : ########################################################################
#######################################################################################################
######################################################################################## [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ                 TYPE
000094          0X000B3B80 C2600 Single Fast Ethernet
00001E           UNKNOWN port adapter
                0X00098670 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X0035D1F0

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 4Mb.
Using 6 percent iomem. [4Mb/64Mb]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(15b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 25-Aug-05 13:39 by ssearch
Image text-base: 0x80008098, data-base: 0x81A13C28


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2620 (MPC860) processor (revision 0x102) with 61440K/4096K bytes of memory.
Processor board ID XXXXXXXXXXX (XXXXXXXXXX)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Uncompressed configuration from 1579 bytes to 2531 bytes


Press RETURN to get started!

Still no NM-2E2W!
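The two checks that would have saved a round trip here are "will the image fit in flash at all?" (the sh flash summary line versus the image size) and "are the rommon variables that tftpdnld needs self-consistent?" (the set output above). The following is an added example, not code from the post; it works on constructed strings modelled on the sh flash and rommon set output quoted above, and the thresholds it uses (free bytes versus total bytes) are taken straight from that summary line. The three plan strings it returns are my own labels, not IOS messages.

```python
import ipaddress
import re

# Constructed sample input, modelled on the "sh flash" and rommon "set" output
# quoted in the post (these strings are typed here, not captured from a router).
SH_FLASH = """System flash directory:
File  Length   Name/status
  1   11072164  c2600-ik9s-mz.122-17a.bin
  2   309208   crashinfo_19930301-000024
[11381500 bytes used, 4871428 available, 16252928 total]
16384K bytes of processor board System flash (Read/Write)
"""

ROMMON_SET = """PS1=rommon ! >
IP_ADDRESS=192.168.82.249
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=192.168.82.254
TFTP_SERVER=192.168.82.161
TFTP_FILE=test.bin
TFTP_VERBOSE=2
?=38
"""

NEW_IMAGE_SIZE = 16303356  # c2600-ik9o3s3-mz.123-15b.bin, per the ls -la in the post

# The variables the post says tftpdnld actually reads.
REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY", "TFTP_SERVER", "TFTP_FILE")


def parse_flash(text):
    """Return (used, available, total) bytes from the bracketed summary line."""
    m = re.search(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]", text)
    if m is None:
        raise ValueError("no flash summary line found")
    return tuple(int(x) for x in m.groups())


def flash_plan(sh_flash_text, image_size):
    """Decide how an image of image_size bytes can be loaded on this box."""
    used, available, total = parse_flash(sh_flash_text)
    if image_size <= available:
        return "copy alongside existing image"
    if image_size <= total:
        return "fits only if flash is erased first"
    return "does not fit; boot from RAM with tftpdnld -r"


def parse_rommon(text):
    """Turn rommon 'set' output into a dict; values may contain '=' so split once."""
    env = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def check_rommon(env):
    """Return a list of problems with the variables tftpdnld relies on (empty = OK)."""
    problems = [f"missing {k}" for k in REQUIRED if not env.get(k)]
    if problems:
        return problems
    try:
        net = ipaddress.ip_network(f"{env['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}", strict=False)
        router = ipaddress.ip_address(env["IP_ADDRESS"])
        gateway = ipaddress.ip_address(env["DEFAULT_GATEWAY"])
        ipaddress.ip_address(env["TFTP_SERVER"])
    except ValueError as exc:
        return [f"bad address: {exc}"]
    if router in (net.network_address, net.broadcast_address):
        problems.append("IP_ADDRESS is the network or broadcast address")
    if gateway not in net:
        problems.append("DEFAULT_GATEWAY is not on the router's subnet")
    if env.get("TFTP_VERBOSE", "1") not in ("0", "1", "2"):
        problems.append("TFTP_VERBOSE must be 0, 1 or 2")
    return problems


def server_on_link(env):
    """True when TFTP_SERVER sits on the router's own subnet, so no gateway hop is needed."""
    net = ipaddress.ip_network(f"{env['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}", strict=False)
    return ipaddress.ip_address(env["TFTP_SERVER"]) in net


if __name__ == "__main__":
    print(flash_plan(SH_FLASH, NEW_IMAGE_SIZE))
    env = parse_rommon(ROMMON_SET)
    print(check_rommon(env) or "rommon variables look sane")
    print("TFTP server on-link:", server_on_link(env))
```

Run against the post's numbers, flash_plan reports the third case (16303356 bytes against 16252928 total), which is exactly why the image had to be run from RAM with -r rather than copied to flash.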

I telnetted into the Cisco and did sh diag:

c2620#sh diag | beg 88 00
          0x30: 88 00 00 00 00 01 24 01 FF FF FF FF FF FF FF FF

Slot 1:
        Unknown (type 30) Port adapter
        Port adapter is disabled 
        Port adapter insertion time unknown
        EEPROM contents at hardware discovery:
        Hardware revision 1.2           Board revision E0
        Serial number     18783769      Part number    800-01171-05
        FRU Part Number:  NM-2E2W=

        Test history      0x0           RMA number     00-00-00
        EEPROM format version 1
        EEPROM contents (hex):
          0x00: 01 1E 01 02 01 1E 9E 19 50 04 93 05 00 00 00 00
          0x10: 70 00 00 00 00 02 29 17 FF FF FF FF FF FF FF FF


c2620#

In other words, it sees the NM-2E2W, just refuses to deal with it.

Argh!

Eventually, after more googling, I discovered this useful document, which tells me that the cisco 2620 is a piece of crap unless I spend a fortune on an NM-4E. Argh.
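The sh diag output above is useful beyond the "Unknown (type 30)" verdict: the printed fields are a decode of the EEPROM hex that follows them, so the raw dump can be checked against what IOS claims and against an inventory record. This is an added example, not code from the post. The field layout it decodes (format version, type, hardware revision, 32-bit serial) is inferred only from this dump and the printed values next to it: 0x1E is 30, bytes 2 and 3 give 1.2, and 01 1E 9E 19 is 18783769. The part-number bytes are kept raw because the prefix encoding of "800-01171-05" is not something this page lets me verify (an assumption noted in the code); the middle field, 0x0493, does equal 1171.

```python
# Constructed from the "EEPROM contents (hex)" dump in the post for slot 1;
# pasted here as a string rather than read from a router.
NM_EEPROM_DUMP = """
0x00: 01 1E 01 02 01 1E 9E 19 50 04 93 05 00 00 00 00
0x10: 70 00 00 00 00 02 29 17 FF FF FF FF FF FF FF FF
"""


def parse_hex_dump(text):
    """Reassemble 'offset: bytes' lines into one contiguous bytes object,
    refusing dumps whose offsets skip or repeat."""
    data = bytearray()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        offset, _, hexbytes = line.partition(":")
        if int(offset, 16) != len(data):
            raise ValueError(f"non-contiguous dump at offset {offset}")
        data += bytes.fromhex(hexbytes.replace(" ", ""))
    return bytes(data)


def decode_eeprom_v1(data):
    """Decode the fields of this format-version-1 module EEPROM that the
    sh diag text in the post confirms: format version, type, hardware
    revision and serial number.  Bytes 8..11 are returned raw; the post
    prints them as 800-01171-05 and the prefix encoding is an assumption
    this example does not make."""
    if len(data) < 12:
        raise ValueError("EEPROM dump too short")
    if data[0] != 1:
        raise ValueError(f"unsupported EEPROM format version {data[0]}")
    return {
        "format_version": data[0],
        "type": data[1],
        "hardware_revision": f"{data[2]}.{data[3]}",
        "serial_number": int.from_bytes(data[4:8], "big"),
        "part_number_bytes": data[8:12].hex(),
    }


def verify_module(data, expected_type, expected_serial):
    """Compare what the EEPROM says against an inventory record and return
    the list of mismatches (empty means the module is the one on file)."""
    decoded = decode_eeprom_v1(data)
    mismatches = []
    if decoded["type"] != expected_type:
        mismatches.append(f"type {decoded['type']} != {expected_type}")
    if decoded["serial_number"] != expected_serial:
        mismatches.append(f"serial {decoded['serial_number']} != {expected_serial}")
    return mismatches


if __name__ == "__main__":
    eeprom = parse_hex_dump(NM_EEPROM_DUMP)
    for key, value in decode_eeprom_v1(eeprom).items():
        print(f"{key:>18}: {value}")
    print("mismatches:", verify_module(eeprom, 30, 18783769))
```

Decoding the dump independently is a cheap way to confirm that a module IOS refuses to drive is at least the part you think it is; here the type and serial from the raw bytes agree with the sh diag text, so the refusal is a software-support matter, as the document the post found says.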

RadTech Products • I-Sight • Ear-Mounted LED Light

Fully buzzword compliant gadget!

“Ear-Mounted, super-bright LED personal illuminator. Up to one mile visibility – weighs just 18 grams! … Overdriven, super-bright Nichia LED module features a parabolic reflector and precision focusing lens … reversible and adjustable ear loop allows use with or without glasses on left or right ears … useable runtime of over 36 hours … no distracting side flare. Easily lights anything and everything you look at … Works under water, includes batteries!”

Now I know what I’ll get blinded by the next time I go camping... it’s not just those head-mounted lamps anymore! *sigh*

I want a red one!

Product Shot of Radtech's I-Sight

RadTech Products – I-Sight – Ear-Mounted LED Light

CBC interview with School of the Photographic Arts: Ottawa!

Update: All In A Day’s archives have now been updated, so you can listen to the interview there as well.

Khalia Scott and Michael Tardioli are founders, directors and teachers at the School of the Photographic Arts: Ottawa. They held a great Open House yesterday, and this afternoon they were interviewed on CBC Radio’s All In A Day.

Until the CBC updates their archives of the show, you can listen to it here: SPAO Interview as an MP3.

If you are looking for more details than what is in the interview, the SPAO site will be launching in November. Meanwhile you can email info@spao.ca.

Full Disclosure: SPAO is a client of mine. I was responsible for getting their Macs, printing, scanning and network gear purchased and installed.